CVE-2021-31802

Beschreibung:
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a n before the Content-Length header.

CWE: CWE-787 CWE-20

CVSS-Bewertung
CVSS 2: HIGH – 8.3 (Version: 2.0)
CVSS 3: HIGH – 8.8 (Version: 3.1)

Links:

NVD – CVE-2021-31802
CVE – CVE-2021-31802

Link (max. 20) Quelle Tags
https://ssd-disclosure.com/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/ MISC Exploit Third Party Advisory Third Party Advisory
https://www.netgear.com/about/security/ MISC Vendor Advisory Patch Third Party Advisory Vendor Advisory
https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640 MISC Exploit Patch Third Party Advisory
FEDORA-2021-10d7331a31 FEDORA Third Party Advisory
FEDORA-2021-2d860da728 FEDORA
FEDORA-2021-96a5dabcfa FEDORA

Quelle: NVD – CVE-2021-31802
Datum Veröffentlichung: 2021-04-26T13:15Z, Datum letzte Änderung: 2021-05-06T20:38Z